I'm beginner in spring security and I have a problem with that((I used spring security 3.1)). I have a project and I have to read all spring security url pattern from Db instead of springSecurity application context.
how can I do it? my point is how can I manage access to special url in my java classes instead of use below config in springSecurity application context.
<intercept-url pattern="/customer/showAll" access="hasAnyRole('OPERATOR,ADMIN')"/>
thank you
You can provide your own implementation of FilterInvocationSecurityMetadataSource. In the Collection getAttributes(Object object) method you can load your patterns and access parameters from DB (see default implementation). Each pattern must be converted into RequestMatcher object. An access attribute value must be converted into a collection of ConfigAttribute objects. As an input object you will have incoming request. You must populate requestMap from DB. See here how configure Spring Security to use your own FilterInvocationSecurityMetadataSource implementation instead of default ExpressionBasedFilterInvocationSecurityMetadataSource.
